Hub configuration

More info

technitium-logs Log Parser

« technitium-logs »
v0.1 by PintjesB
Log parser

Parse Technitium auth logs

Installation

cscli parsers install PintjesB/technitium-logs

Description

Parsing of Technitium DNS server logs

Example acquisition for this collection:

1---
2filenames:
3  - /syslog-server/technitium.log
4labels:
5  type: technitium

YAML Configuration

1name: PintjesB/technitium-logs
2description: "Parse Technitium auth logs"
3onsuccess: next_stage
4filter: evt.Parsed.program == 'technitium'
5pattern_syntax:
6  TECHNITIUM_DATETIME: '%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{TIME:time} %{TZ}'
7nodes:
8  - grok:
9      pattern: '^\[%{TECHNITIUM_DATETIME}\] \[%{IP:source_ip}:%{INT:source_port}\] DnsServerCore.DnsWebServiceException: Invalid username or password for user: %{USERNAME:username}'
10      apply_on: message
11      statics:
12        - meta: log_type
13          value: technitium_failed_auth
14
15statics:
16  - meta: service
17    value: technitium
18  - target: evt.StrTime
19    expression: "evt.Parsed.year + '/' + evt.Parsed.month + '/' + evt.Parsed.day + ' ' + evt.Parsed.time"
20  - meta: source_ip
21    expression: "evt.Parsed.source_ip"
22  - meta: source_port
23    expression: "evt.Parsed.source_port"
24  - meta: username
25    expression: "evt.Parsed.username"

Hub configuration

« technitium-logs »v0.1 by PintjesBLog parser

« technitium-logs »
v0.1 by PintjesB
Log parser